European Data Protection Supervisor

Accountability

Accountability is a common principle for organisations across many disciplines: it means that organisations live up to expectations, for instance in the delivery of their products and in their behaviour towards those they interact with. The General Data Protection Regulation (GDPR) integrates accountability as a principle that requires organisations to put in place appropriate technical and organisational measures and to be able to demonstrate, when requested, what they did and how effective it was.

Organisations, and not Data Protection Authorities, must demonstrate that they are compliant with the law. Such measures include: adequate documentation on what personal data are processed, how, for what purpose and for how long; documented processes and procedures aimed at tackling data protection issues at an early stage when building information systems or responding to a data breach; the presence of a Data Protection Officer who is integrated in the organisation's planning and operations, etc.

In 2015, in anticipation of the GDPR, the EDPS initiated a project to develop a framework for greater accountability in data processing to be applied to our own organisation, as an institution, a manager of financial resources and people - and a controller.

In addition, we have started to promote the accountability principle through visits to small, medium and large EU bodies to explain the new obligations resulting from the revised legal framework and the implications for EU institutions and the EDPS' work as their supervisory authority.

11/04/2012

European market for card, internet and mobile payments

Letter concerning Commission's Green Paper "Towards an integrated European market for card, internet and mobile payments".

See also the text of the Green Paper "Towards an integrated European market for card, internet and mobile payments".

07/03/2012

EDPS applauds strengthening of the right to data protection in Europe, but still regrets the lack of comprehensiveness

Today, the European Data Protection Supervisor (EDPS) adopted his Opinion on the proposed package for a reform of the EU rules on data protection. This package was adopted by the Commission on 25 January 2012 and includes a Regulation with general rules on data protection and a Directive with specific data protection rules for the law enforcement sector.

30/01/2012

EDPS general survey shows that EU institutions and bodies have different levels of data protection compliance

Today, the European Data Protection Supervisor (EDPS) published the results of his latest general survey of compliance with the Data Protection Regulation. EU institutions and bodies process personal data both in their daily work and in their core business activities. In both cases they have to comply with data protection principles and obligations and respect the rights of the individuals involved. In his latest stock-taking exercise, the EDPS has analysed the performance of all 58 EU institutions and bodies in certain key areas.

21/06/2011

Energy market integrity and transparency

Opinion on the Proposal for a Regulation of the European Parliament and of the Council on energy market integrity and transparency, OJ C 279/03, 23.09.2011, p.20

05/05/2011

Consumer Protection Cooperation System ("CPCS")

Opinion on the Consumer Protection Cooperation System ("CPCS") and on Commission Recommendation 2011/136/EU on guidelines for the implementation of data protection rules in the CPCS, OJ C 217/06, 23.07.2011, p.18

14/01/2011

Comprehensive approach on personal data protection in the European Union

Opinion on the Communication from the Commission on "A comprehensive approach on personal data protection in the European Union", OJ C 181/01, 22.06.2011, p.1

See also the text of the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions - "A comprehensive approach on personal data protection in the European Union".

13/12/2010

Data protection compliance in the EU administration: EDPS adopts comprehensive policy on supervision and enforcement

Today, the European Data Protection Supervisor (EDPS) adopted a policy paper that sets out the framework within which he monitors, measures and ensures data protection compliance in the EU administration. The policy signals a fundamental change of gear in the field of enforcement.

The policy seeks to encourage voluntary compliance and best practice and create sufficient incentives for compliance by:

29/04/2010

Reform of EU Data Protection law: EDPS calls on the European Commission to be ambitious in its approach

Today, in a speech at the European Privacy and Data Protection Commissioners' Conference in Prague, the European Data Protection Supervisor (EDPS), Peter Hustinx, spoke strongly about the need to be proactive in the context of the unfolding debate on the future of the EU legal framework for data protection. The EDPS called on the European Commission to remain ambitious in updating the existing framework to avoid the risk of an increasing loss of relevance and effectiveness of data protection in a society that is ever more driven by technological change and globalisation.

18/03/2010

Promoting trust in the Information Society

Opinion on promoting trust in the Information Society by fostering data protection and privacy

11/11/2008

EU-US High Level Contact Group on information sharing

Opinion on the Final Report by the EU-US High Level Contact Group on information sharing and privacy and personal data protection, OJ C 128, 06.06.2009, p. 1

19/10/2007

Audits - Commission

Answer to a notification for prior checking on audit of the European Regional Development Fund (ERDF), the Cohesion Fund and the Instrument for Structural Policies for Pre-accession (ISPA) (Case 2007-370)
